Depending upon which browser your clients use, you have to set up the Kerberos configuration.
The URL http://webserver.test.ad must be added to Internet options > Security > Trusted sites. You can deploy this setting by using a group policy.
Chrome must be started with the parameter
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --auth-server-whitelist="*.test.ad
This setting can be automatically deployed by using group policies.
- Download the official group policies for Chrome
- Follow the installation procedure and open the chrome.admx
- Configure a policy for the option AuthServerWhitelist
- Deploy the policy
In Firefox you have to go to the about:config page and set the parameters
The deployment of these settings can be done by using GPO for Firefox. The Firefox plug-in itself should be automatically bundled by your NETLOGON script.